Vulnerabilities > Argoproj > Argo CD > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-03-23 CVE-2022-24730 Incorrect Authorization vulnerability in Argoproj Argo CD
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.
network
low complexity
argoproj CWE-863
6.5
2022-03-23 CVE-2022-24731 Information Exposure Through an Error Message vulnerability in Argoproj Argo CD
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.
network
low complexity
argoproj CWE-209
4.9
2022-02-16 CVE-2021-3557 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
A flaw was found in argocd.
network
low complexity
argoproj redhat CWE-732
6.5
2021-05-12 CVE-2021-23135 Information Exposure Through an Error Message vulnerability in Argoproj Argo CD
Exposure of System Data to an Unauthorized Control Sphere vulnerability in web UI of Argo CD allows attacker to cause leaked secret data into web UI error messages and logs.
local
low complexity
argoproj CWE-209
5.5
2021-03-15 CVE-2021-26924 Cross-site Scripting vulnerability in Argoproj Argo CD
An issue was discovered in Argo CD before 1.8.4.
network
low complexity
argoproj CWE-79
6.1
2021-03-03 CVE-2021-23347 Cross-site Scripting vulnerability in Argoproj Argo CD
The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 are vulnerable to Cross-site Scripting (XSS) the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user.
network
low complexity
argoproj CWE-79
4.8
2021-02-09 CVE-2021-26921 Insufficient Session Expiration vulnerability in Argoproj Argo CD
In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled.
network
low complexity
argoproj CWE-613
6.5
2020-04-09 CVE-2018-21034 Information Exposure vulnerability in Argoproj Argo CD
In Argo versions prior to v1.5.0-rc1, it was possible for authenticated Argo users to submit API calls to retrieve secrets and other manifests which were stored within git.
network
low complexity
argoproj CWE-200
6.5
2020-04-08 CVE-2020-11576 Information Exposure Through Discrepancy vulnerability in Argoproj Argo CD 1.5.0
Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowed attackers to determine the usernames of valid (non-SSO) accounts because /api/v1/session returned 401 for an existing username and 404 otherwise.
network
low complexity
argoproj CWE-203
5.3